A computer implemented method for monitoring and managing a security policy of a plurality of application specific objects across a plurality of datacenters is provided. The computer implemented method includes the following steps: (i) displaying the plurality of application devices managed in a security policy management system in a single pane view; (ii) adding new application devices to a device inventory; (iii) automatically generating a trend line graph to display configuration changes of the plurality of application specific objects over a period of time; (iv) defining a logic for searching and fetching a plurality of rules and a plurality of policies across the plurality of application devices; (v) defining a new security policy for the plurality of application specific objects; and (vi) implementing the new security policy to modify a plurality of user details and rule and policy information associated with the plurality of application specific objects.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A security policy management system for monitoring and managing security policies of a plurality of application specific objects of a plurality of application devices across a plurality of datacenters by defining a security policy, said security policy management system comprising: a memory that stores a database; and a hardware processor that is executed and configured to: display said plurality of application devices that are managed in said security policy management system in a single pane view, wherein said plurality of application devices are displayed along with abstracted rule base of said plurality of application devices, wherein an abstract rule base view is designated as a user interface view that enables a user to add/upload related external details or files and said abstracted rule base is designed and configured to display configurations of said plurality of application devices of different vendors in a unified manner that simplifies users of said plurality of application devices to view the configuration displays of the different vendors without showing vendor-specific views; add said plurality of application devices to a device inventory, wherein said added plurality of application devices are displayed and managed under said single pane view; automatically generate a trend line graph to display outages and configuration changes of said plurality of application specific objects of said plurality of application devices over a period of time when at least one of said plurality of application specific objects of at least one of said plurality of application devices is modified or changed by continuously reviewing the changes and monitoring said plurality of application specific objects of said plurality of application devices before applying the changes to associated application devices; define a search logic to query and fetch a plurality of rules and a plurality of policies across said plurality of application devices by applying said search logic over networks by matching and overlapping a range of IP addresses, wherein said search logic over networks comprises identifying a set of starting range and an ending range of said IP addresses obtained from a user as a search query and analyzing said plurality of application specific objects, said plurality of rules and said plurality of policies that matches or overlaps between said starting range and said ending range of said IP addresses; define a new security policy associated with said plurality of rules, and said plurality of policies and assign a new role to said plurality of application specific objects of said plurality of application devices stored in said device inventory with appropriate access permissions; and automatically implement said new security policy to modify a plurality of user details and policy information associated with said plurality of rules and policies in values or attributes and said plurality of application specific objects of said plurality of application devices for managing said security policy of said plurality of application specific objects of said plurality of application devices, wherein said rules comprise at least one of (a) one or more security rules or (b) one or more NAT rules that are applicable to said one or more security rules, wherein said one or more NAT rules are re-ordered as per an application device NAT lookup logic when modifying any of the one or more NAT rules.
2. The security policy management system of claim 1 , wherein said processor is further configured to: assign a role to said plurality of application specific objects of said plurality of application devices that are stored in said device inventory with security policies as read or write access; assign a plurality of roles to said plurality of application specific objects of said plurality of application devices; and provide privileges over access of functions of said plurality of application devices managed in said security policy management system and said plurality of application specific objects that are allowed to manage.
3. The security policy management system of claim 2 , wherein said plurality of application devices comprises at least one of a plurality of firewall devices, a plurality of proxy devices or a plurality of web application firewall devices, wherein said plurality of application specific objects comprises at least one of said plurality of rules, said plurality of policies or objects of said plurality of rules comprises at least one of IP address, network objects or UTM profiles.
4. The security policy management system of claim 2 , wherein said processor is further configured to: (i) select a user role to modify said role of said user through an account management, (ii) select at least one device that is assigned for said user under said access control tab, (iii) select appropriate access to said role for said selected object, and (iv) move said selected object of said plurality of application devices from an available list to assigned list.
5. The security policy management system of claim 1 , wherein said processor is further configured to: display a plurality of rule and a plurality of policy information of said plurality of application devices on a control center page under a firewall tab, a proxy device tab and a WAF device tab; and enable said plurality of users to add metadata to each rule of said plurality of application devices under said firewall tab, said proxy device tab and said WAF device tab, wherein said metadata comprises additional data or external files related to said rule.
6. The security policy management system of claim 1 , wherein said processor is further configured to: (i) automatically detect a high availability peer device which is associated to a particular policy, wherein said high availability peer device is detected using an IP address of an application device; and (ii) add a secondary application device by manually entering said secondary application device details.
7. The security policy management system of claim 1 , wherein said processor is further configured to: search for said plurality of rules, said plurality of policies and said plurality of objects based on IP objects and network objects that are obtained as said search query, wherein said search query comprises at least one of (i) state of a rule, (ii) a device name associated to a policy, (iii) action associated to a policy or a rule base managed within said plurality of application devices, (iv) a policy name, (v) a source object name associated to said policy or said rule base, (vi) a destination object name associated to said policy or said rule base, (vii) IP addresses comprising an individual IP address, an IP address with subnet mask, and object range that are associated to said policy or said rule base, (viii) destination IP addresses comprising an individual IP address, an IP address with subnet mask, and object range that are associated to said policy or said rule base, (ix) a service object name that is associated to said rule and (x) an application or an object name that is associated to said policy or said rule base.
8. The security policy management system of claim 1 , wherein said security policy management system (a) defines a shared object and deploys said shared object in said plurality of application devices and (b) provides ability to re-use an object by sharing across vendors of said plurality of application devices by abstracting information of vendors.
9. The security policy management system of claim 1 , wherein said security policy management system migrates rules from one application device to another application device.
10. The security policy management system of claim 1 , wherein said security policy management system provides said NAT rules that are applicable for said security rules when selecting said security rules specific to an application device.
11. A computer-implemented method for monitoring and managing a security policy of a plurality of application specific objects of a plurality of application devices across a plurality of datacenters by defining a security policy, comprising: displaying said plurality of application devices managed in a security policy management system in a single pane view, wherein said plurality of application devices are displayed along with abstracted rule base of said plurality of application devices, wherein an abstract rule base view is designated as a user interface view that enables a user to add/upload related external details or files and said abstracted rule base is designed and configured to display configurations of said plurality of application devices of different vendors in a unified manner that simplifies users of said plurality of application devices to view the configuration displays of the different vendors without showing vendor-specific views; adding new application devices to a device inventory, wherein said newly added application devices are displayed and managed under said single pane view; automatically generating a trend line graph to display configuration changes of said plurality of application specific objects of said plurality of application devices over a period of time when at least one of said plurality of application specific objects of at least one of said plurality of application devices is modified or changed by continuously reviewing the changes and monitoring said plurality of application specific objects of said plurality of application devices before applying the changes to associated application devices; defining a search logic to query and fetching a plurality of rules and a plurality of policies across said plurality of application devices by applying said search logic over networks by matching and overlapping a range of IP addresses and port numbers of said plurality of application devices based on a search query obtained from a user, wherein said search logic over networks comprises identifying a set of starting range and an ending range of said IP addresses and port numbers and analyzing said plurality of application specific objects, said plurality of rules and said plurality of policies that matches or overlaps between said starting range and said ending range of said IP addresses and port numbers; defining a new security policy associated with said plurality of rules, and said plurality of policies and assigning a new role to said plurality of application specific objects of said plurality of application devices stored in said device inventory with read access permissions; and implementing said new security policy to modify a plurality of user details and a policy information associated with said plurality of rules and policies in values or attributes and said plurality of application specific objects of said plurality of application devices for managing said security policy of said plurality of application specific objects of said plurality of application devices, wherein said rules comprise at least one of (a) one or more security rules or (b) one or more NAT rules that are applicable to said one or more security rules, wherein said one or more NAT rules are re-ordered as per an application device NAT lookup logic when modifying any of the one or more NAT rules.
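The range-overlap search that claims 1 and 11 recite (a user-supplied starting and ending IP address, plus port numbers in claim 11, matched against rules whose source or destination objects fall inside or overlap that span) can be illustrated over a vendor-abstracted rule record. The code below is an added example, not code from the patent or its assignee; the `Rule` record, the object spellings (single IP, CIDR, `a-b` range, `any`) and the sample rule base are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

Span = Tuple[int, int]  # inclusive integer interval


@dataclass(frozen=True)
class Rule:
    """Vendor-abstracted rule: the fields a single-pane view would normalise to."""
    device: str
    vendor: str
    name: str
    src: str      # single IP, CIDR, or "start-end" range
    dst: str
    ports: str    # "any", a single port, or "lo-hi"
    action: str


def ip_span(spec: str) -> Span:
    """Normalise an IP object (single address, CIDR, or a-b range) to a span."""
    if "-" in spec:
        lo, hi = [ipaddress.ip_address(p.strip()) for p in spec.split("-", 1)]
        if lo.version != hi.version or int(lo) > int(hi):
            raise ValueError(f"invalid range {spec!r}")
        return int(lo), int(hi)
    net = ipaddress.ip_network(spec, strict=False)   # also handles bare IPs
    return int(net.network_address), int(net.broadcast_address)


def port_span(spec: str) -> Span:
    """Normalise a port object to a span; 'any' covers the whole port space."""
    if spec == "any":
        return 0, 65535
    lo, _, hi = spec.partition("-")
    lo_i, hi_i = int(lo), int(hi or lo)
    if not 0 <= lo_i <= hi_i <= 65535:
        raise ValueError(f"invalid port spec {spec!r}")
    return lo_i, hi_i


def overlaps(a: Span, b: Span) -> bool:
    """True when two inclusive spans share at least one value."""
    return a[0] <= b[1] and b[0] <= a[1]


def search_rules(rules: List[Rule], ip_start: str, ip_end: str,
                 port_start: int = 0, port_end: int = 65535) -> List[Rule]:
    """Return rules whose src or dst overlaps [ip_start, ip_end] and whose
    service overlaps [port_start, port_end], across all devices and vendors."""
    q_ip = ip_span(f"{ip_start}-{ip_end}")       # validates order and version
    q_port = (port_start, port_end)
    hits = []
    for r in rules:
        ip_hit = overlaps(q_ip, ip_span(r.src)) or overlaps(q_ip, ip_span(r.dst))
        if ip_hit and overlaps(q_port, port_span(r.ports)):
            hits.append(r)
    return hits


# Constructed sample rule base spanning two datacenters and three vendors.
SAMPLE_RULES = [
    Rule("fw-dc1-01", "vendorA", "allow-web", "10.1.0.0/24", "192.168.10.5", "443", "allow"),
    Rule("fw-dc2-01", "vendorB", "allow-app", "10.1.0.200-10.1.1.50", "0.0.0.0/0", "8000-8100", "allow"),
    Rule("proxy-dc1", "vendorC", "proxy-deny", "172.16.0.0/16", "0.0.0.0/0", "any", "deny"),
    Rule("waf-dc2", "vendorA", "allow-waf", "10.2.0.0/16", "192.168.20.0/24", "80", "allow"),
]
```

Note that a rule with an `any` destination (here `proxy-deny`) overlaps every query, which is exactly the kind of broad rule a range search is meant to surface during review.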
12. The computer-implemented method of claim 11 , further comprising: tagging one or more rules of said plurality of application devices to an application ID to monitor said plurality of application devices, wherein any rule from said one or more rules is retrieved by searching said corresponding application ID.
13. The computer-implemented method of claim 11 , further comprising: assigning a role to said plurality of application specific objects of said plurality of application devices that are stored in said device inventory with security policies as read or write access; assigning a plurality of roles to said plurality of application specific objects of said plurality of application devices; and providing privileges over access of functions of said plurality of application devices managed in said security policy management system and said plurality of application specific objects that are allowed to manage.
14. The computer-implemented method of claim 11 , further comprising: automatically detecting a high availability peer device which is associated to a particular policy, wherein said high availability peer device is detected using an IP address of an application device; and obtaining details about a secondary application device that is manually entered by a user.
15. The computer-implemented method of claim 11 , further comprising: searching for said plurality of rules, said plurality of policies and said plurality of objects based on IP objects and network objects that are obtained as said search query, wherein said search query comprises at least one of (i) state of a rule, (ii) a device name associated to a policy, (iii) action associated to a policy or a rule base managed within said plurality of application devices, (iv) a policy name, (v) a source object name associated to said policy or said rule base, (vi) a destination object name associated to said policy or said rule base, (vii) IP addresses comprising an individual IP address, an IP address with subnet mask, and object range that are associated to said policy or said rule base, (viii) destination IP addresses comprising an individual IP address, an IP address with subnet mask, and object range that are associated to said policy or said rule base, (ix) a service object name that is associated to said rule and (x) an application or an object name that is associated to said policy or said rule base.
16. The computer-implemented method of claim 11 , further comprising: providing said NAT rules that are applicable for said security rules when selecting said security rules specific to said application device; and migrating rules from one application device to another application device.
17. The computer-implemented method of claim 11 , further comprising: comparing web application firewall (WAF) policies to determine changes in values and attributes of said web application firewall policies, wherein said comparison (a) enables validation of said web application firewall policies before and after change and (b) enables said plurality of users to review said changes in said web application firewall policies before applying a web application firewall policy to a web application firewall device.
18. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions, which when executed by one or more hardware processors, cause monitoring and managing a security policy of a plurality of application specific objects of a plurality of application devices across a plurality of datacenters by defining a security policy, by performing: displaying said plurality of application devices managed in a security policy management system in a single pane view, wherein said plurality of application devices are displayed along with abstracted rule base of said plurality of application devices, wherein an abstract rule base view is designated as a user interface view that enables a user to add/upload related external details or files and said abstracted rule base is designed and configured to display configurations of said plurality of application devices of different vendors in a unified manner that simplifies users of said plurality of application devices to view the configuration displays of the different vendors without showing vendor-specific views; adding new application devices to a device inventory, wherein said newly added application devices are displayed and managed under said single pane view; automatically generating a trend line graph to display outages and configuration changes of said plurality of application specific objects of said plurality of application devices over a period of time when at least one of said plurality of application specific objects of at least one of said plurality of application devices is modified or changed by continuously reviewing the changes and monitoring said plurality of application specific objects of said plurality of application devices before applying the changes to associated application devices; defining a search logic to query and fetching a plurality of rules and a plurality of policies across said plurality of application devices by applying said search logic over networks by matching and overlapping a range of IP addresses and port numbers of said plurality of application devices based on a search query obtained from a user, wherein said search logic over networks comprises identifying a set of starting range and an ending range of said IP addresses and port numbers and analyzing said plurality of application specific objects, said plurality of rules and said plurality of policies that matches or overlaps between said starting range and said ending range of said IP addresses and port numbers; defining a new security policy associated with said plurality of rules, and said plurality of policies and assigning a new role to said plurality of application specific objects of said plurality of application devices stored in said device inventory with appropriate access permissions; and implementing said new security policy to modify a plurality of user details and a policy information associated with said plurality of rules and policies in values or attributes and said plurality of application specific objects of said plurality of application devices for managing said security policy of said plurality of application specific objects of said plurality of application devices, wherein said rules comprise at least one of (a) one or more security rules or (b) one or more NAT rules that are applicable to said one or more security rules, wherein said one or more NAT rules are re-ordered as per an application device NAT lookup logic when modifying any of the one or more NAT rules.
19. The one or more non-transitory computer-readable storage mediums storing one or more sequences of instructions of claim 18 , which when executed by the one or more processors further cause: assigning a role to said plurality of application specific objects of said plurality of application devices that are stored in said device inventory with security policies as read or write access; assigning a plurality of roles to said plurality of application specific objects of said plurality of application devices; and providing privileges over access of functions of said plurality of application devices managed in said security policy management system and said plurality of application specific objects that are allowed to manage.
20. The one or more non-transitory computer-readable storage mediums storing one or more sequences of instructions of claim 18 , which when executed by the one or more processors further cause: automatically detecting a high availability peer device which is associated to a particular policy, wherein said high availability peer device is detected using an IP address of an application device; obtaining details about a secondary application device that is manually entered by a user; providing said NAT rules that are applicable for said security rules when selecting said security rules specific to said application device; and migrating rules from one application device to another application device.
May 22, 2018
May 5, 2020